How to remove msivxserv.sys trojan (Google redirect virus)

MSIVXserv.sys trojan is a new hidden trojan/rootkit from the DNSChanger trojan family. The trojan uses rootkit-specific techniques designed to hide its presence in the system. Once a computer is infected, it blocks user access to security websites and blocks Spybot, AdAware, AVG, Superantispyware and Malwarebytes Anti-malware. Search results in Google, Yahoo, MSN and others are redirected to unrelated sites.

Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, you will see a window similar to the one below.

Malwarebytes Anti-Malware Window

Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.

Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

After hours of hard research work, I came across a different solution because Malwarebytes (MBAM) didn’t work for me. Try HitMan Pro (ver 3.5 is the latest as of this writing); it fixed my Google & Yahoo Redirect Virus. The file culprit was named 7n8001.sys and was located in the Drivers sub-directory under C:\Windows\System32.

It took several hours of research and experimentation before I came upon this solution. I found the software on CNet. Looks like it’s free for 30 days. It’s a cloud computing solution. If you try deleting or renaming the virus yourself, it regenerates itself. It’s nasty and persistent.

As of today, 1/20/2010, the latest updates for AVG, Malwarebytes, Spybot Search & Destroy, and AdAware could not fix it. XDELBox found it but couldn’t fix it (couldn’t write to the HOSTS file in C:\Windows\System32\Drivers\ETC.)

Neither of those options worked for me. The first one didn’t remove the virus so I tried the second one – MalwareBytes – and it downloaded to my computer but wouldn’t run and didn’t show any of the screens this website said it should. My computer still has the redirect virus and it’s getting pop-ups now too.

HITMAN 3 has a lot of haters at CNet. Most say to completely avoid this program. Will not uninstall.
Don’t know why someone tries to spam it at this site.
TDSSkiller, I’ve read some good things about it, I might try it. But will avoid Hitman. Go to CNet if you want to see all the complaints about Hitman.

I am in safe mode and your advenger program will not open in safe and normal. UGH I have been fighting this google bug for a week now, all my scans find it and delete it then somehow it pops right back up.
